Nameserver Problem [more]

Bob Goodwin - W2BOD bobgoodwin at wildblue.net
Mon Apr 2 20:46:12 UTC 2007


Tim wrote:
> On Sun, 2007-04-01 at 17:58 -0400, Bob Goodwin - W2BOD wrote:
>   
>> The next question is how to insert the zone files into lan.conf?
>>
>> does
>>
>> zone "lan.example.com" {
>>         type slave;
>>         file  "slaves/lan.example.com.zone";
>>         masters { 192.168.1.2; };
>> };
>>
>> become:
>>
>> zone "tacoda.net" {
>>         type slave;
>>         file  "slaves/tacoda.net.zone";
>>         masters { 192.168.1.2; };
>> };
>>
>
> That's the general idea, though now I think I've muddied the waters with
> that prior message and yours.  Back then, I was talking about setting up
> slave zones on a slave server, and the thread digressed.  In that case,
> each zone was set up like you've typed above, each with their own DNS
> zone record files.
>
> The advert blocking was done with a series of master zone
> configurations, like this:
>
>   zone "adimages.com"   { type master; file  "dead.zone"; };
>   zone "admonitor.com"  { type master; file  "dead.zone"; };
>
> Where they *all* reference the same "dead.zone" DNS zone record file.
>
> Anyway, to try and answer everything in one go regarding blocking of
> annoyances on some websites, I'll post a series of files below.  But
> I'll change one thing:  I'll use blocking.conf instead of lan.conf.
> Then I can use lan.conf file for configuring local machine addresses
> (which could be masters or slaves, depending on what you're doing), and
> a separate blocking.conf file just for that purpose.  It might make
> explanations simpler.
>
> My custom /var/named/chroot/etc/named.conf file:
>
> ---------------[begin example]------------------
> ## LAN:
>
> view  lan_resolver {
>         match-clients      { localhost; };
>         match-destinations { localhost; };
>         include "/etc/blocking.conf";
>         include "/etc/rndc.key";
> };
>
> include "/etc/named.caching-nameserver.conf";
> ----------------[end example]-------------------
>
> This is a simple default file, that's easy to replace should it get
> borked by a BIND update.  The named.conf file will be loaded by default
> by BIND, and this one refers to the named.caching-nameserver.conf file
> so that function still works, and without altering the supplied conf
> file.  It includes any other custom files that I want to use, in this
> case the blocking.conf file.  I'd include a lan.conf file, too, in that
> view section, if I was also using it to resolve local addresses (instead
> of the hosts file, which is inadequate for certain services).
>
> NB:  It'd be a bit less painful without having to use "views", but since
> the caching nameserver configuration file does, you're forced into
> working the same way.
>
> My custom /var/named/chroot/etc/blocking.conf file:
>
> ---------------[begin example]------------------
> ## advert blocking:
>
> zone "adimages.com"             { type master; file  "dead.zone"; };
> zone "admonitor.com"            { type master; file  "dead.zone"; };
> zone "adsfac.net"               { type master; file  "dead.zone"; };
> ----------------[end example]-------------------
>
> That file's a list of any domain that I want to kill off.  Just add more
> of the same below, as needed.  Only use the domain name, it'll kill it
> and any sub-domains in one go.
>
> i.e. Using example.com will kill off it and www.example.com and
> news.example.com and so on...  But if I'd put in www.example.com, then
> example.com would be left alone, and it'd be www.example.com and further
> subdomains of www.example.com that got blocked (e.g. it'd block ones
> like now.www.example.com and then.www.example.com, etc.).
>
> My custom /var/named/chroot/var/named/dead.zone file:
>
> ---------------[begin example]------------------
> $TTL 86400
> @       IN      SOA     ns.localdomain.  hostmaster.mail.localdomain. (
>                         200 ; serial
>                         28800 ; refresh
>                         7200 ; retry
>                         604800 ; expire 
>                         86400 ; ttl
>                         )
>
>
>         IN      NS      ns.localdomain.
> ----------------[end example]-------------------
>
> That causes all blocked domains to get a null answer, straight away.
>
>   
>> Then the problem becomes harvesting the addresses.  Is there a way
>> to get them other than reading them as they flash across the bottom of
>> the screen in Firefox?
>>     
>
> The ones I used were the ones that frequently annoyed me.  I never tried
> to kill off *all* adverts, that's an endless game.  I just picked on
> ones that kept on being a pain (e.g. flash or pop-up adverts, and ones
> that took ages to load and held everything else back while they did, on
> websites that I regularly used).  I've only got about twenty of them on
> my list.  Any website that acts in such inconsiderate ways towards their
> viewers deserves the punishment of lost revenue.
>   
Eureka!  It works, once I figured out that I had to do 'service named restart'
each time I made a change, added an address to be blocked.

The blocked list still needs refinement but I am very happy with the result.

Thanks Tim.

Bob Goodwin
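
Added example (not part of the original thread, and not Tim's or Bob's code): a small generator for the blocking.conf format shown above. It rejects lines that are not plain domain names, so stray quotes or braces never reach the named configuration, and it drops entries already covered by a parent domain, following the example.com / www.example.com behaviour Tim describes. The names normalize, covered_by, build_blocking_conf and SAMPLE are hypothetical, and the sample input is constructed.

```python
import re

# Constructed sample input: hand-collected domains, one per line.
SAMPLE = """\
adimages.com
AdMonitor.com.
adsfac.net
www.adsfac.net   # redundant: adsfac.net already covers it
bad_domain!.com
bad"quote.net
adimages.com
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Return a lower-case domain without trailing dot, or None if unusable."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    # Rejecting anything but plain labels keeps quotes, braces and
    # semicolons out of the generated named configuration.
    return name if all(LABEL.match(l) for l in labels) else None

def covered_by(name, zones):
    """Return the zone in `zones` that answers for `name`, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def build_blocking_conf(text, zone_file="dead.zone"):
    """Build blocking.conf text from a domain list (hypothetical helper)."""
    names = {n for n in map(normalize, text.splitlines()) if n}
    zones = set()
    # Fewest labels first, so a parent is kept and its children dropped.
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        if covered_by(name, zones) is None:
            zones.add(name)
    body = ['zone "%s" { type master; file "%s"; };' % (z, zone_file)
            for z in sorted(zones)]
    return "\n".join(["## advert blocking:", ""] + body) + "\n"

if __name__ == "__main__":
    print(build_blocking_conf(SAMPLE), end="")
```

The output can be written to /var/named/chroot/etc/blocking.conf and checked with named-checkconf before named is restarted as described above.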




